From 67f01bc2667ff5133f0686753dd170f5ffd1e890 Mon Sep 17 00:00:00 2001
From: Loganaden Velvindron
Date: Mon, 14 Aug 2017 14:43:40 +0400
Subject: [PATCH 3/3] Fix regression with older protocols.

Set a variable when the user specifies tls 1.3 and use this to check what to set the minimum TLS level. This unbreaks non tls 1.3 protocols when requested via command line.

Signed-off-by: Loganaden Velvindron
---
 src/openssl.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/openssl.c b/src/openssl.c
index cff467d1..82576493 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -174,6 +174,7 @@ ssl_init (void)
 {
 SSL_METHOD const *meth;
 long ssl_options = 0;
+ bool tlsv1_3;
 
 #if OPENSSL_VERSION_NUMBER >= 0x00907000
 if (ssl_true_initialized == 0)
@@ -243,6 +244,7 @@ ssl_init (void)
 case secure_protocol_tlsv1_3:
 #ifdef TLS1_3_VERSION
 meth = TLS_client_method ();
+ tlsv1_3 = true;
 break;
 #else
 logprintf (LOG_NOTQUIET, _("Your OpenSSL version hasn't been compiled with TLS 1.3 support\n"));
@@ -277,8 +279,10 @@ ssl_init (void)
 SSL_CTX_set_options (ssl_ctx, ssl_options);
 
 #ifdef TLS1_3_VERSION
- if (SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION) == 0)
- goto error;
+ if (tlsv1_3) {
+ if (SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION) == 0)
+ goto error;
+ }
 #endif
 
 /* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html
-- 
2.11.0
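Review bot: The new flag is declared as `bool tlsv1_3;` in the first hunk with no initializer, and the only assignment visible is `tlsv1_3 = true;` in the `secure_protocol_tlsv1_3` case of the second hunk, so for every other protocol value the `if (tlsv1_3)` test in the third hunk reads an indeterminate value, which is undefined behavior in C. In practice that means whether `SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION)` is applied to a non-1.3 request depends on stack contents and optimizer choices, so the regression this patch aims to fix is only fixed by luck; the declaration should be `bool tlsv1_3 = false;`. The `#ifdef TLS1_3_VERSION` guards also leave the variable declared but unused on builds without TLS 1.3, which will draw an unused-variable warning; wrapping the declaration in the same guard, or marking it as intentionally unused, would keep such builds warning-clean. The body of `ssl_init` starts before the first hunk and continues after the last one, so other assignments to the flag cannot be ruled out from here, but none appear in the diff.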